Vulnerability Note VU#839284

Microsoft Windows TCP/IP fails to properly validate IGMP packets

Original Release date: 14 Feb 2006 | Last revised: 19 Feb 2006


Microsoft Windows implementations of the TCP/IP protocol fail to properly validate IGMP packets, leading to a denial-of-service condition.



The Transmission Control Protocol (TCP) is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in a packet-switched computer network. The Internet Group Management Protocol version 3 (IGMPv3) is defined in RFC 3376 as a protocol to help manage multicast connections over the internet.

The Vulnerability

The Microsoft implementation of TCP/IP fails to properly handle specially crafted IGMPv3 packets, possibly leading to a denial-of-service condition. For more information, including a list of vulnerable systems, please refer to Microsoft Security Bulletin MS06-007.


By sending a specially crafted IGMPv3 packet to a vulnerable system, an unauthenticated, remote attacker could cause that system to stop responding.


Apply an Update

Microsoft has addressed this issue in Microsoft Security Bulletin MS06-007.

Please see Microsoft Security Bulletin MS06-007 for a list of workarounds to mitigate this vulnerability.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-14 Feb 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported in Microsoft Security Bulletin MS06-007 . Microsoft credits Douglas Nascimento of Datacom with providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0021
  • Date Public: 14 Feb 2006
  • Date First Published: 14 Feb 2006
  • Date Last Updated: 19 Feb 2006
  • Severity Metric: 21.00
  • Document Revision: 19


If you have feedback, comments, or additional information about this vulnerability, please send us email.